no tcp logs in smoothwall firewall

Archived from groups: comp.security.firewalls

Hi

Through advice from this site I tested smoothwall 2.0

I deliberately knock against the firewall with telnet or ssh.
All I get is UDP traffic logs of traffic passing by. It is acting
as a sniffer.


What have I configured wrong?
  1. Archived from groups: comp.security.firewalls

    "silvester the putty cat" <someone@tweety.com> wrote in
    news:newscache$uqdnyh$03j$1@weblab.ucd.ie:

    > Hi
    >
    > Through advice from this site I tested smoothwall 2.0
    >
    > I deliberately knock against the firewall with telnet or ssh.
    > All I get is UDP traffic logs of traffic passing by. It is acting
    > as a sniffer
    >
    >
    > What have I configured wrong
    >
    >
    >

    Smoothwall is a lot like IPCop, which is all I know about.
    The log will not be generated unless you are coming
    from the "RED" side of the wall, as all Green is permitted.
    Try going to www.grc.com and doing the "shields up" test.
  2. Archived from groups: comp.security.firewalls

    >
    > > Hi
    > >
    > > Through advice from this site I tested smoothwall 2.0
    > >
    > > I deliberately knock against the firewall with telnet or ssh.
    > > All I get is UDP traffic logs of traffic passing by. It is acting
    > > as a sniffer
    > >
    > > What have I configured wrong
    >
    > Smoothwall is a lot like IPCop, which is all I know about.
    > The log will not be generated unless you are coming
    > from the "RED" side of the wall, as all Green is permitted.
    > Try going to www.grc.com and doing the "shields up" test.

    I have been using Smoothwall for several years now, and so far my network
    integrity has not been compromised. The thing just sits there up in my loft
    and does the job without me having to do much about it.
    The Smoothwall experience has been a good one, the security is tight, and it
    is easy to control the traffic. I believe that SmoothWall in its standard
    package (free from the net at www.smoothwall.org) gives you adequate
    protection.

    Depending on how active you want your Smoothie to be, you may also want to
    look at some of the Modifications that are available through the Forum
    pages. Personally I have installed the following mods:

    - "DShield Log Submission & Blocklist" - submission of firewall logs and
    pre-emptive blocking of aggressive IPs as reported to DShield.org which is
    found at http://community.smoothwall.org/forum/viewtopic.php?t=6351
    This function lets my Smoothwall take advantage of the detection work done by
    others and also contribute actively to the identification of malicious
    addresses on the networks. The mod does not require any actions from my
    side.

    - "Snort + Guardian - active firewall" which is found at
    http://community.smoothwall.org/forum/viewtopic.php?t=5702
    This one makes the www.grc.com test believe that your system is more or less
    unplugged from the network. Snort (in its standard version) will detect
    that you are being port-scanned and automatically block all further
    communication with that site. The addition of Guardian in this manner to a
    firewall really takes the security to a new level, as the FW is able to
    adapt to the traffic which is detected. I do not have to work with long
    lists of addresses that I want to block anymore. I just check the growing
    list of addresses where someone has tried to be "smart". To them, my whole
    network becomes instantly invisible.

    - "Update Snort" which is a natural extension of the modification above. It is
    found at http://community.smoothwall.org/forum/viewtopic.php?t=5035
    This modification requires that I give a command from the Web-interface now
    and then just to secure that I have the latest rules, but it would be a very
    small job to add an automatic update function to the SmoothWall. By updating
    the rules, the adaptive security behaviour which was added by the Guardian
    modification above becomes even better.

    Since I have some very active family members on my network and need to have
    a stable connection going to servers in the company from my home office, I
    have also added a "Traffic shaping" modification which is found here:
    http://community.smoothwall.org/forum/viewtopic.php?t=1817
    By juggling the port lists a little bit, all users are now happy and nobody
    loses VPN connections due to traffic overload due to Direct Connect, FTPs,
    Bittorrents etc.

    So, does this mean that I have to spend a lot of time working my Firewall
    and keeping a constant watch-out for new modifications etc.? Not in my world,
    I have added the functions I found I need, and have just left it running.
    The up-time has been determined by two things over the years: 1) the power
    supply company and 2) the durability of the old PC HW I use to run this on.

    I get two advantages which have been the important factors for me: 1) Good
    industry standard protection even here at home, 2) I do not have to worry
    about it or tinker all the time 3) It is free, and runs on old PC HW which
    can be found at very low prices.

    John Morten

    PS. No, I am not part of the SmoothWall company, nor do I program things or
    sell this product. I am just very pleased with it and wanted you to hear
    about it.
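
An added example, not part of the original thread or of Smoothwall itself: a small log summarizer that groups firewall log entries by arrival zone and protocol, to check the first reply's point that entries only appear for traffic arriving on the RED side. It assumes Linux netfilter LOG-style lines; the interface-to-zone mapping (`eth1` = RED, `eth0` = GREEN) and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: which interface is RED (untrusted) and which is GREEN (LAN).
ZONES = {"eth1": "RED", "eth0": "GREEN"}

# Key=value fields as written by the netfilter LOG target.
FIELD = re.compile(r"\b(IN|SRC|DST|PROTO|SPT|DPT)=(\S*)")

# Constructed sample: only UDP broadcast noise seen on RED, which is what the
# original poster reported. Probes made from GREEN are permitted, so they
# never produce a log line at all.
SAMPLE = """\
Mar  3 10:01:12 fw kernel: IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=78 PROTO=UDP SPT=137 DPT=137
Mar  3 10:01:15 fw kernel: IN=eth1 OUT= SRC=198.51.100.9 DST=203.0.113.255 LEN=229 PROTO=UDP SPT=138 DPT=138
Mar  3 10:02:40 fw kernel: IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=78 PROTO=UDP SPT=137 DPT=137
"""

def parse(line):
    """Return the packet fields of one log line, or None if it is not one."""
    fields = dict(FIELD.findall(line))
    if "IN" not in fields or "PROTO" not in fields:
        return None
    fields["ZONE"] = ZONES.get(fields["IN"], "UNKNOWN")
    return fields

def summarize(text):
    """Count log entries per (zone, protocol)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            counts[(rec["ZONE"], rec["PROTO"])] += 1
    return counts

def diagnose(counts):
    """Explain what the counts say about a missing-TCP-log complaint."""
    red_any = sum(n for (zone, _), n in counts.items() if zone == "RED")
    if counts[("RED", "TCP")]:
        return "RED-side TCP probes are being logged"
    if red_any:
        return "logging works on RED, but no TCP probe arrived there; test from outside"
    return "no RED-side entries at all; check that logging is enabled"

if __name__ == "__main__":
    totals = summarize(SAMPLE)
    for (zone, proto), n in sorted(totals.items()):
        print(f"{zone:7} {proto:4} {n}")
    print(diagnose(totals))
```
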